Update: The current version of the Facebook iPhone app has a warning for syncing users. Those who synced with an old version won’t have seen the warnings though, and we’re still left wondering where some numbers in our Facebook address book have come from, and exactly what usage rights Facebook has over the content. There’s a large remove data button in the Facebook app when you have sync turned on but that appears to just delete Facebook contact info from the phone. Removing the details from the web which have been synced isn’t simply explained. It seems you need to turn off the sync function in the iPhone app and visit this link (which doesn’t currently seem to be working). We’re still chasing Facebook and Apple for comment on the outstanding issues.

If you use the Facebook iPhone app sync feature you might not have realised it does more than add pictures to your address book. A piece by The Guardian’s Charles Arthur points out today that the Facebook iPhone app also uploads all the numbers in your phone’s address book to Facebook, seemingly without warning. It’s a move that puts Facebook on a collision course with Apple, as it breaches app store guidelines. So why is Facebook still in the App store and Apple ads if it’s breaking the rules?

Kurt von Moos, quoted in The Guardian’s, says: “Facebook doesn’t warn users that they are uploading their phone’s address book to Facebook. In fact, because Facebook doesn’t sync contact number or email addresses TO your phone, most users wrongly assume that Facebook Contact Sync only syncs user pictures. In reality, they are pumping your address book, without consent.”

The Electricpig Facebook users are pretty savvy about privacy settings, but even we weren’t aware that Facebook slings you iPhone’s contact numbers onto the web where they could be accessible to others. The Facebook app also appears to share numbers for contacts that you don’t have, but your Facebook friends do. Follow this link while logged onto Facebook and you’ll see your own inadvertent stash of online numbers.

In the latest version of the Facebook iPhone app, the sync function is labelled with the words “Add Facebook profile pictures and links to Contacts”. There’s no indication that the numbers from your phone will be synced to the web and according to Apple App Store Review guidelines (PDF link), we think the Facebook is in breach of the rules.

Firstly the syncing of your iPhone contacts by the Facebook iPhone app could be construed as a hidden feature. That would be in contravention of Apple’s App Store Review guideline 2.4: “Apps that include undocumented or hidden features inconsistent with the description of the app will be rejected.”

Secondly and perhaps more importantly, the Facebook iPhone app seems to ignore Apple’s rules on user consent, specifically point 7.1 which states: “Apps cannot transmit data about a user obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.”

We’ve contacted both Apple and Facebook and are waiting for a response. While Apple isn’t responsible for Facebook’s phone book scraping, it looks like the app does breach the rules. Is Facebook simply big enough to be granted an exception? We’re also interested to hear Facebook’s explanation for not clearly indicating how its syncing feature works.

We’d love to hear what you think about the Facebook iPhone app grabbing phone numbers in such a subtle way. Are you non-plussed? Shout up in the comments section below.

So because my friends bought iphone I now have my number forced up to facebook without my consent? There's got to be a law suit in there somewhere. Fair enough if it uploads the user's number (and the're warned about it) but uploading their friends numbers has to be illegal doesn't it?

NL

I wonder whether fb is in breach of the UK's Data Protection Act? Any thoughts?

http://www.facebook.com/profile.php?id=866350172 Tom Murton

The remove seems to work now:We are deleting all email and phone contacts you previously uploaded to Facebook. This may take a few minutes.